UCF STIG Viewer Logo

Marking Classified - Equipment, Documents or Media: In a classified operating environment, all unclassified items must be marked in addition to all classified items.


Overview

Finding ID Version Rule ID IA Controls Severity
V-31910 IS-03.02.01 SV-42207r2_rule ECML-1 Medium
Description
Failure to properly mark classified material could result in the loss or compromise of classified information.
STIG Date
Traditional Security 2013-07-11

Details

Check Text ( C-40609r4_chk )
Check to ensure ALL equipment/media/documents in the areas housing SIPRNet assets contain proper classification markings.

In a classified operating environment, all unclassified items must be marked in addition to all classified items. For instance: In areas where any classified equipment such as servers, client workstations, printers, routers, crypto, etc. are being used - all classified equipment, media and documents must be properly marked with classification levels and handling caveats - AND ALL UNCLASSIFIED equipment (servers, client workstations, printers, routers, crypto, etc.), media and documents must also be properly marked as unclassified and with handling caveats such as FOUO, when appropriate. This total marking of all assets in a classified environment eliminates the assumption that anything not marked is unclassified. Hence, all equipment, media and documents within SCIFs, Vaults, Secure Rooms and classified Controlled Access Areas (CAA) must be marked with classification levels and handling caveats.
TACTICAL ENVIRONMENT: This check is applicable in a tactical environment if classified documents or media are created/extracted from the SIPRNet. The only exception will be for urgent (short term) tactical operations or other contingency situations where fixed facilities and equipment are not yet present or incapable of being used. All deployed SIPRNet equipment should already contain applicable classification markings/labels.


Fix Text (F-35848r3_fix)
Ensure ALL equipment/media/documents in the areas housing SIPRNet assets contain proper classification markings. In a classified operating environment, all unclassified items must be marked in addition to all classified items. For instance: In areas where any classified equipment such as servers, client workstations, printers, routers, crypto, etc. are being used - all classified equipment, media and documents must be properly marked with classification levels and handling caveats - AND ALL UNCLASSIFIED equipment (servers, client workstations, printers, routers, crypto, etc.), media and documents must also be properly marked as unclassified and with handling caveats such as FOUO, when appropriate. This total marking of all assets in a classified environment eliminates the assumption that anything not marked is unclassified. Hence, all equipment, media and documents within SCIFs, Vaults, Secure Rooms and classified Controlled Access Areas (CAA) must be marked with classification levels and handling caveats.